Cyber security is an issue that touches every device that sends data to another device. In today’s technological climate, where Russian hackers can influence a foreign election through social media, every US adults’ social security numbers can be stolen from Equifax, and millions of dollars of Bitcoin can get hacked away in an instant, cyber security is something that each consumer and corporation should be investing in. When something so massive affects so many networks, usually the FCC steps in to propose standards and regulate. However, the most recent Chairman of the FCC has changed course with regard to Cyber Security.
Ajit Pai, the Chairman of the FCC, has described the role of the FCC as “relatively circumscribed” when it comes to issues of cyber security and has declined to promulgate uniform rules to prepare for cyber security risks. This is a huge change from the Obama-era FCC under Tom Wheeler, which promulgated a Cybersecurity Framework that laid out the basic cyber protections each company should have.
Similarly, the Obama-era FCC released a white paper discussing the cyber security risks from the expansion of new networks and new devices as well as a Notice of Inquiry designed to build in uniform cyber security protocols to upcoming fifth generation (5G) networks. The Trump-era FCC, however, quickly pulled the white paper and Notice of Inquiry, arguing that the FCC’s role in cyber security is “extremely limited” and should only be consultative instead of action-oriented. As a result, 5G networks are being tested and developed with only the company’s proprietary security measures, with some being worse than others.
The hands-off approach is a hallmark of Trump’s policy positions, choosing to let the free market dictate which protections are needed instead of proscribing them. This has the advantage of allowing private businesses to quickly set up new defenses in response to new types of cyber attacks. It also has the advantage of not alerting potential hackers to exactly what type of protections a business might have. However, the lack of any clear standard leaves businesses without cyber security expertise in the dark. It also creates varied levels of security among businesses that leaves businesses with lower security more vulnerable to attack. The hands-off approach also assumes that consumers have knowledge of which company has stronger security than others, which has been proven time and time again not be the case.
When a technology creates new enterprises, it also creates new types of crime. With new types of crime should come new government regulations to identify that crime and stop it. For example, after industrialization allowed for widespread securities fraud and the Great Depression, the SEC was created to regulate the securities market. As slow and predictable as government action is, it is necessary to have at least a standard for security in the age of the cyber criminal.